@workos/oagen-emitters 0.2.1 → 0.4.0

package/oagen.config.ts

@@ -1,6 +1,11 @@
-import type { OagenConfig } from '@workos/oagen';
+import type { OagenConfig, OperationHint } from '@workos/oagen';
 import { toCamelCase } from '@workos/oagen';
 import { nodeEmitter } from './src/node/index.js';
+import { pythonEmitter } from './src/python/index.js';
+import { phpEmitter } from './src/php/index.js';
+import { goEmitter } from './src/go/index.js';
+import { dotnetEmitter } from './src/dotnet/index.js';
+import { kotlinEmitter } from './src/kotlin/index.js';
 import { nodeExtractor } from './src/compat/extractors/node.js';
 import { rubyExtractor } from './src/compat/extractors/ruby.js';
 import { pythonExtractor } from './src/compat/extractors/python.js';
@@ -21,8 +26,310 @@ function nestjsOperationIdTransform(id: string): string {
   return idx !== -1 ? toCamelCase(stripped.slice(idx + 1)) : toCamelCase(stripped);
 }
 
+// ---------------------------------------------------------------------------
+// Operation hints — per-operation overrides for the operation resolver.
+// Keyed by "METHOD /path". Only operations that need overrides are listed;
+// the algorithm handles the rest.
+// ---------------------------------------------------------------------------
+const operationHints: Record<string, OperationHint> = {
+  // ── Radar ────────────────────────────────────────────────────────────────
+  'POST /radar/lists/{type}/{action}': { name: 'add_list_entry' },
+  'DELETE /radar/lists/{type}/{action}': { name: 'remove_list_entry' },
+
+  // ── SSO ──────────────────────────────────────────────────────────────────
+  'GET /sso/authorize': {
+    name: 'get_authorization_url',
+    defaults: { response_type: 'code' },
+    inferFromClient: ['client_id'],
+    urlBuilder: true,
+  },
+  'GET /sso/logout': { name: 'get_logout_url', urlBuilder: true },
+  'GET /sso/profile': { name: 'get_profile' },
+  'POST /sso/token': {
+    name: 'get_profile_and_token',
+    defaults: { grant_type: 'authorization_code' },
+    inferFromClient: ['client_id', 'client_secret'],
+  },
+
+  // ── SSO / JWKS (mounted on UserManagement via mountRules) ────────────────
+  'GET /sso/jwks/{clientId}': { name: 'get_jwks' },
+
+  // ── User Management — auth ──────────────────────────────────────────────
+  'GET /user_management/authorize': {
+    name: 'get_authorization_url',
+    defaults: { response_type: 'code' },
+    inferFromClient: ['client_id'],
+    urlBuilder: true,
+  },
+  'GET /user_management/sessions/logout': { name: 'get_logout_url', urlBuilder: true },
+
+  // ── User Management — org membership actions ────────────────────────────
+  'PUT /user_management/organization_memberships/{id}/deactivate': {
+    name: 'deactivate_organization_membership',
+  },
+  'PUT /user_management/organization_memberships/{id}/reactivate': {
+    name: 'reactivate_organization_membership',
+  },
+
+  // ── Admin Portal ────────────────────────────────────────────────────────
+  'POST /portal/generate_link': { name: 'generate_link' },
+
+  // ── Feature Flags — disambiguate co-mounted list operations ─────────────
+  'GET /organizations/{organizationId}/feature-flags': { name: 'list_organization_feature_flags' },
+  'GET /user_management/users/{userId}/feature-flags': { name: 'list_user_feature_flags' },
+
+  // ── External ID lookups (not derivable from path) ──────────────────────
+  'GET /organizations/external_id/{external_id}': { name: 'get_organization_by_external_id' },
+  'GET /user_management/users/external_id/{external_id}': { name: 'get_user_by_external_id' },
+
+  // ── Authorization — environment-scoped roles ─────────────────────────────
+  'GET /authorization/roles': { name: 'list_environment_roles' },
+  'POST /authorization/roles': { name: 'create_environment_role' },
+  'GET /authorization/roles/{slug}': { name: 'get_environment_role' },
+  'PATCH /authorization/roles/{slug}': { name: 'update_environment_role' },
+  'PUT /authorization/roles/{slug}/permissions': {
+    name: 'set_environment_role_permissions',
+  },
+  'POST /authorization/roles/{slug}/permissions': {
+    name: 'add_environment_role_permission',
+  },
+
+  // ── Authorization — singularized/shortened names ────────────────────────
+  'POST /authorization/permissions': { name: 'create_permission' },
+  'POST /authorization/resources': { name: 'create_resource' },
+  'POST /authorization/organization_memberships/{organization_membership_id}/check': {
+    name: 'check',
+  },
+  'POST /authorization/organization_memberships/{organization_membership_id}/role_assignments': {
+    name: 'assign_role',
+  },
+  'DELETE /authorization/organization_memberships/{organization_membership_id}/role_assignments': {
+    name: 'remove_role',
+  },
+  'POST /authorization/organizations/{organizationId}/roles': {
+    name: 'create_organization_role',
+  },
+
+  // ── Authorization — env-scoped resource memberships ────────────────────
+  'GET /authorization/resources/{resource_id}/organization_memberships': { name: 'list_memberships_for_resource' },
+
+  // ── User Management — singularized/shortened names ─────────────────────
+  'POST /user_management/users': { name: 'create_user' },
+  'POST /user_management/organization_memberships': {
+    name: 'create_organization_membership',
+  },
+  'POST /user_management/invitations': { name: 'send_invitation' },
+  'GET /user_management/invitations/by_token/{token}': {
+    name: 'find_invitation_by_token',
+  },
+  'POST /user_management/users/{id}/email_verification/send': {
+    name: 'send_verification_email',
+  },
+  'POST /user_management/users/{id}/email_verification/confirm': {
+    name: 'verify_email',
+  },
+  'POST /user_management/password_reset': { name: 'reset_password' },
+  'POST /user_management/password_reset/confirm': {
+    name: 'confirm_password_reset',
+  },
+  'GET /user_management/users/{id}/sessions': { name: 'list_sessions' },
+  'GET /user_management/users/{id}/identities': { name: 'get_user_identities' },
+  'POST /user_management/cors_origins': { name: 'create_cors_origin' },
+  'POST /user_management/redirect_uris': { name: 'create_redirect_uri' },
+
+  // ── Organizations — singularized names ─────────────────────────────────
+  'POST /organizations': { name: 'create_organization' },
+
+  // ── Directory Sync — shortened names ───────────────────────────────────
+  'GET /directory_groups': { name: 'list_groups' },
+  'GET /directory_groups/{id}': { name: 'get_group' },
+  'GET /directory_users': { name: 'list_users' },
+  'GET /directory_users/{id}': { name: 'get_user' },
+
+  // ── Audit Logs — singularized names ────────────────────────────────────
+  'POST /audit_logs/events': { name: 'create_event' },
+  'POST /audit_logs/exports': { name: 'create_export' },
+  'POST /audit_logs/actions/{actionName}/schemas': { name: 'create_schema' },
+
+  // ── Feature Flags — match SDK conventions ──────────────────────────────
+  'POST /feature-flags/{slug}/targets/{resourceId}': { name: 'add_flag_target' },
+  'DELETE /feature-flags/{slug}/targets/{resourceId}': {
+    name: 'remove_flag_target',
+  },
+
+  // ── Organizations — audit log config (singular fetch, not a list) ───────
+  'GET /organizations/{id}/audit_log_configuration': {
+    name: 'get_audit_log_configuration',
+  },
+
+  // ── Organizations — audit logs retention (mounted on AuditLogs) ─────────
+  'GET /organizations/{id}/audit_logs_retention': {
+    name: 'get_organization_audit_logs_retention',
+    mountOn: 'AuditLogs',
+  },
+  'PUT /organizations/{id}/audit_logs_retention': { mountOn: 'AuditLogs' },
+
+  // ── Union split: POST /user_management/authenticate (8 variants) ────────
+  // Common optional fields appended to every variant's exposedParams so the
+  // generated wrappers cover the full spec body shape (fraud/audit context the
+  // server consumes when present).
+  'POST /user_management/authenticate': {
+    split: [
+      {
+        name: 'authenticate_with_password',
+        targetVariant: 'PasswordSessionAuthenticateRequest',
+        defaults: { grant_type: 'password' },
+        inferFromClient: ['client_id', 'client_secret'],
+        exposedParams: ['email', 'password', 'invitation_token', 'ip_address', 'device_id', 'user_agent'],
+        optionalParams: ['invitation_token', 'ip_address', 'device_id', 'user_agent'],
+      },
+      {
+        name: 'authenticate_with_code',
+        targetVariant: 'CodeSessionAuthenticateRequest',
+        defaults: { grant_type: 'authorization_code' },
+        inferFromClient: ['client_id', 'client_secret'],
+        exposedParams: ['code', 'ip_address', 'device_id', 'user_agent'],
+        optionalParams: ['ip_address', 'device_id', 'user_agent'],
+      },
+      {
+        name: 'authenticate_with_refresh_token',
+        targetVariant: 'RefreshTokenSessionAuthenticateRequest',
+        defaults: { grant_type: 'refresh_token' },
+        inferFromClient: ['client_id', 'client_secret'],
+        exposedParams: ['refresh_token', 'organization_id', 'ip_address', 'device_id', 'user_agent'],
+        optionalParams: ['organization_id', 'ip_address', 'device_id', 'user_agent'],
+      },
+      {
+        name: 'authenticate_with_magic_auth',
+        targetVariant: 'MagicAuthSessionAuthenticateRequest',
+        defaults: { grant_type: 'urn:workos:oauth:grant-type:magic-auth:code' },
+        inferFromClient: ['client_id', 'client_secret'],
+        exposedParams: ['code', 'email', 'invitation_token', 'ip_address', 'device_id', 'user_agent'],
+        optionalParams: ['invitation_token', 'ip_address', 'device_id', 'user_agent'],
+      },
+      {
+        name: 'authenticate_with_email_verification',
+        targetVariant: 'EmailVerificationSessionAuthenticateRequest',
+        defaults: { grant_type: 'urn:workos:oauth:grant-type:email-verification:code' },
+        inferFromClient: ['client_id', 'client_secret'],
+        exposedParams: ['code', 'pending_authentication_token', 'ip_address', 'device_id', 'user_agent'],
+        optionalParams: ['pending_authentication_token', 'ip_address', 'device_id', 'user_agent'],
+      },
+      {
+        name: 'authenticate_with_totp',
+        targetVariant: 'TotpSessionAuthenticateRequest',
+        defaults: { grant_type: 'urn:workos:oauth:grant-type:mfa-totp' },
+        inferFromClient: ['client_id', 'client_secret'],
+        exposedParams: [
+          'code',
+          'pending_authentication_token',
+          'authentication_challenge_id',
+          'ip_address',
+          'device_id',
+          'user_agent',
+        ],
+        optionalParams: ['ip_address', 'device_id', 'user_agent'],
+      },
+      {
+        name: 'authenticate_with_organization_selection',
+        targetVariant: 'OrganizationSelectionSessionAuthenticateRequest',
+        defaults: { grant_type: 'urn:workos:oauth:grant-type:organization-selection' },
+        inferFromClient: ['client_id', 'client_secret'],
+        exposedParams: ['pending_authentication_token', 'organization_id', 'ip_address', 'device_id', 'user_agent'],
+        optionalParams: ['ip_address', 'device_id', 'user_agent'],
+      },
+      {
+        name: 'authenticate_with_device_code',
+        targetVariant: 'DeviceCodeSessionAuthenticateRequest',
+        defaults: { grant_type: 'urn:ietf:params:oauth:grant-type:device_code' },
+        inferFromClient: ['client_id'],
+        exposedParams: ['device_code', 'ip_address', 'device_id', 'user_agent'],
+        optionalParams: ['ip_address', 'device_id', 'user_agent'],
+      },
+    ],
+  },
+
+  // ── Union split: POST /connect/applications (2 variants) ────────────────
+  'POST /connect/applications': {
+    split: [
+      {
+        name: 'create_oauth_application',
+        targetVariant: 'CreateOAuthApplication',
+        defaults: { application_type: 'oauth' },
+        exposedParams: [
+          'name',
+          'is_first_party',
+          'description',
+          'scopes',
+          'redirect_uris',
+          'uses_pkce',
+          'organization_id',
+        ],
+      },
+      {
+        name: 'create_m2m_application',
+        targetVariant: 'CreateM2MApplication',
+        defaults: { application_type: 'm2m' },
+        exposedParams: ['name', 'organization_id', 'description', 'scopes'],
+      },
+    ],
+  },
+};
+
+// ---------------------------------------------------------------------------
+// Mount rules — service-level remounting. Maps IR service name → target
+// service/namespace (PascalCase). All operations in the source service are
+// mounted on the target unless overridden per-operation in operationHints.
+// ---------------------------------------------------------------------------
+const mountRules: Record<string, string> = {
+  // MFA sub-services → MultiFactorAuth
+  MultiFactorAuthChallenges: 'MultiFactorAuth',
+
+  // RBAC permissions → Authorization
+  Permissions: 'Authorization',
+
+  // Connect sub-services → Connect
+  WorkosConnect: 'Connect',
+  Applications: 'Connect',
+  ApplicationClientSecrets: 'Connect',
+
+  // SSO connections → SSO
+  Connections: 'SSO',
+
+  // Directory Sync sub-services → DirectorySync
+  Directories: 'DirectorySync',
+  DirectoryGroups: 'DirectorySync',
+  DirectoryUsers: 'DirectorySync',
+
+  // Feature flag sub-services → FeatureFlags
+  FeatureFlagsTargets: 'FeatureFlags',
+  OrganizationsFeatureFlags: 'FeatureFlags',
+  UserManagementUsersFeatureFlags: 'FeatureFlags',
+
+  // Org API keys → ApiKeys
+  OrganizationsApiKeys: 'ApiKeys',
+
+  // User Management sub-services → UserManagement
+  UserManagementSessionTokens: 'UserManagement',
+  UserManagementAuthentication: 'UserManagement',
+  UserManagementCorsOrigins: 'UserManagement',
+  UserManagementUsers: 'UserManagement',
+  UserManagementInvitations: 'UserManagement',
+  UserManagementJWTTemplate: 'UserManagement',
+  UserManagementMagicAuth: 'UserManagement',
+  UserManagementOrganizationMembership: 'UserManagement',
+  UserManagementRedirectUris: 'UserManagement',
+  UserManagementUsersAuthorizedApplications: 'UserManagement',
+
+  // Pipes / Data Providers → Pipes
+  UserManagementDataProviders: 'Pipes',
+
+  // User Management MFA → MultiFactorAuth
+  UserManagementMultiFactorAuthentication: 'MultiFactorAuth',
+};
+
 const config: OagenConfig = {
-  emitters: [nodeEmitter],
+  emitters: [nodeEmitter, pythonEmitter, phpEmitter, goEmitter, dotnetEmitter, kotlinEmitter],
   extractors: [
     nodeExtractor,
     rubyExtractor,
@@ -47,5 +354,24 @@ const config: OagenConfig = {
   },
   docUrl: 'https://workos.com/docs',
   operationIdTransform: nestjsOperationIdTransform,
+  schemaNameTransform: (name: string) => {
+    // Explicit renames for Dto models that collide with response models
+    const COLLISION_RENAMES: Record<string, string> = {
+      OrganizationDto: 'OrganizationInput',
+      RedirectUriDto: 'RedirectUriInput',
+      // Generic list-derived names that need domain-specific identifiers
+      ListData: 'Role',
+      ListModel: 'RoleList',
+      // Double-List naming artifact
+      EventListListMetadata: 'EventListMetadata',
+    };
+    if (COLLISION_RENAMES[name]) return COLLISION_RENAMES[name];
+    return name
+      .replace(/Dto/g, '')
+      .replace(/DTO/g, '')
+      .replace(/^Urn(?:IetfParams|Workos)O[Aa]uthGrantType/, '');
+  },
+  operationHints,
+  mountRules,
 };
 export default config;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@workos/oagen-emitters",
-  "version": "0.2.1",
+  "version": "0.4.0",
   "description": "WorkOS' oagen emitters",
   "license": "MIT",
   "author": "WorkOS",
@@ -28,6 +28,10 @@
     "test": "vitest run",
     "test:watch": "vitest",
     "typecheck": "tsc --noEmit",
+    "git:push": "sh ./scripts/git-push-with-published-oagen.sh",
+    "oagen:build:local": "npm --prefix ../oagen run build",
+    "oagen:use:local": "npm run oagen:build:local && npm link ../oagen",
+    "oagen:use:published": "sh -c 'npm unlink @workos/oagen >/dev/null 2>&1 || true; npm install --ignore-scripts @workos/oagen@^0.4.0'",
     "prepare": "husky",
     "sdk:generate:dotnet": "oagen generate --lang dotnet --output ./sdk-dotnet --namespace workos --api-surface ./sdk-dotnet-surface.json",
     "sdk:verify:dotnet": "oagen verify --lang dotnet --output ./sdk-dotnet --api-surface ./sdk-dotnet-surface.json",
@@ -44,7 +48,7 @@
     "sdk:generate:node": "oagen generate --lang node --output ./sdk-node --namespace workos --api-surface ./sdk-node-surface.json",
     "sdk:verify:node": "oagen verify --lang node --output ./sdk-node --api-surface ./sdk-node-surface.json",
     "sdk:extract:node": "oagen extract --lang node --sdk-path ../backend/workos-node --output ./sdk-node-surface.json",
-    "sdk:generate:php": "oagen generate --lang php --output ./sdk-php --namespace workos --api-surface ./sdk-php-surface.json",
+    "sdk:generate:php": "node scripts/generate-php.js",
     "sdk:verify:php": "oagen verify --lang php --output ./sdk-php --api-surface ./sdk-php-surface.json",
     "sdk:extract:php": "oagen extract --lang php --sdk-path ../backend/workos-php --output ./sdk-php-surface.json",
     "sdk:generate:python": "oagen generate --lang python --output ./sdk-python --namespace workos --api-surface ./sdk-python-surface.json",
@@ -57,9 +61,6 @@
     "sdk:verify:rust": "oagen verify --lang rust --output ./sdk-rust --api-surface ./sdk-rust-surface.json",
     "sdk:extract:rust": "oagen extract --lang rust --sdk-path ../backend/workos-rust --output ./sdk-rust-surface.json"
   },
-  "dependencies": {
-    "@workos/oagen": "^0.3.0"
-  },
   "devDependencies": {
     "@commitlint/cli": "^20.5.0",
     "@commitlint/config-conventional": "^20.5.0",
@@ -75,5 +76,8 @@
   },
   "engines": {
     "node": ">=24.10.0"
+  },
+  "dependencies": {
+    "@workos/oagen": "^0.6.0"
   }
 }

package/scripts/generate-php.js

@@ -0,0 +1,13 @@
+#!/usr/bin/env node
+/**
+ * PHP SDK generation wrapper.
+ */
+import { execSync } from 'node:child_process';
+
+// Build oagen command with all passed arguments
+const extraArgs = process.argv.slice(2).join(' ');
+const baseCmd = 'oagen generate --lang php --output ./sdk-php --namespace WorkOS --api-surface ./sdk-php-surface.json';
+const fullCmd = extraArgs ? `${baseCmd} ${extraArgs}` : baseCmd;
+
+// Run oagen generate
+execSync(fullCmd, { stdio: 'inherit' });

package/scripts/git-push-with-published-oagen.sh

@@ -0,0 +1,21 @@
+#!/usr/bin/env sh
+set -eu
+
+repo_root="$(git rev-parse --show-toplevel)"
+cd "$repo_root"
+
+restore_local() {
+  echo "push wrapper: restoring local ../oagen link"
+  npm run oagen:use:local
+}
+
+cleanup() {
+  restore_local
+}
+
+trap cleanup EXIT INT TERM HUP
+
+echo "push wrapper: switching @workos/oagen to the published package"
+npm run oagen:use:published
+
+git push "$@"

package/smoke/sdk-dotnet.ts

@@ -405,14 +405,33 @@ function buildBatchedCSharpScript(port: number, ns: string, calls: PlannedCall[]
 // ---------------------------------------------------------------------------
 
 /**
- * Find the .csproj file in the SDK directory. Returns the full resolved path.
+ * Find the .csproj file in the SDK directory. Searches the root first, then
+ * common subdirectory patterns (src/{Name}/) used by the generated SDK layout.
  */
 function findCsproj(sdkPath: string): string {
-  const files = readdirSync(sdkPath).filter((f) => f.endsWith('.csproj'));
-  if (files.length === 0) {
-    throw new Error(`No .csproj file found in ${sdkPath}`);
+  // Check root directory first
+  const rootFiles = readdirSync(sdkPath).filter((f) => f.endsWith('.csproj'));
+  if (rootFiles.length > 0) {
+    return resolve(sdkPath, rootFiles[0]);
   }
-  return resolve(sdkPath, files[0]);
+
+  // Check src/ subdirectories (generated SDK layout: src/WorkOS.net/WorkOS.net.csproj)
+  const srcDir = resolve(sdkPath, 'src');
+  if (existsSync(srcDir)) {
+    for (const subdir of readdirSync(srcDir)) {
+      const subdirPath = resolve(srcDir, subdir);
+      try {
+        const subFiles = readdirSync(subdirPath).filter((f) => f.endsWith('.csproj'));
+        if (subFiles.length > 0) {
+          return resolve(subdirPath, subFiles[0]);
+        }
+      } catch {
+        // Not a directory, skip
+      }
+    }
+  }
+
+  throw new Error(`No .csproj file found in ${sdkPath} or ${sdkPath}/src/*/`);
 }
 
 /**
@@ -429,6 +448,18 @@ function detectNamespace(sdkPath: string): string {
   return base.replace('.csproj', '');
 }
 
+/**
+ * Detect the assembly name from the .csproj file's AssemblyName property.
+ * Falls back to namespace if not found.
+ */
+function detectAssemblyName(sdkPath: string): string {
+  const csprojPath = findCsproj(sdkPath);
+  const content = readFileSync(csprojPath, 'utf-8');
+  const match = content.match(/<AssemblyName>([^<]+)<\/AssemblyName>/);
+  if (match) return match[1];
+  return detectNamespace(sdkPath);
+}
+
 // ---------------------------------------------------------------------------
 // .NET project generation
 // ---------------------------------------------------------------------------
@@ -590,9 +621,10 @@ async function main(): Promise<void> {
   const spec = await parseSpec(specPath);
   console.log(`Spec: ${spec.name} v${spec.version}`);
 
-  // Detect SDK namespace
+  // Detect SDK namespace and assembly name
   const ns = detectNamespace(sdkPath);
-  console.log(`SDK namespace: ${ns}`);
+  const assemblyName = detectAssemblyName(sdkPath);
+  console.log(`SDK namespace: ${ns}, assembly: ${assemblyName}`);
 
   // Load manifest
   const manifest = loadManifest(sdkPath);
@@ -620,10 +652,12 @@ async function main(): Promise<void> {
 
   // Step 1: Build the SDK project to a DLL
   const sdkCsprojPath = findCsproj(sdkPath);
+  const sdkCsprojDir = sdkCsprojPath.substring(0, sdkCsprojPath.lastIndexOf('/'));
+  const sdkDllDir = resolve(sdkPath, 'bin/Release');
   console.log('Building SDK...');
   try {
-    execSync(`dotnet build "${sdkCsprojPath}" -c Release -o "${resolve(sdkPath, 'bin/Release/net8.0')}"`, {
-      cwd: sdkPath,
+    execSync(`dotnet build "${sdkCsprojPath}" -c Release -o "${sdkDllDir}"`, {
+      cwd: sdkCsprojDir,
       timeout: 120000,
       stdio: ['pipe', 'pipe', 'pipe'],
       env: { ...process.env, DOTNET_NOLOGO: '1' },
@@ -635,9 +669,8 @@ async function main(): Promise<void> {
     process.exit(1);
   }
 
-  // Find the SDK DLL
-  const sdkDllDir = resolve(sdkPath, 'bin/Release/net8.0');
-  const sdkDll = resolve(sdkDllDir, `${ns}.dll`);
+  // Find the SDK DLL (use AssemblyName, not namespace)
+  const sdkDll = resolve(sdkDllDir, `${assemblyName}.dll`);
 
   // Step 2: Bootstrap the driver project referencing the built DLL
   mkdirSync(tmpDir, { recursive: true });